Are you an aspiring, recently hired or newly promoted CISO looking for the definitive how-to guide for your position? Look no further. An experienced CISO and two security subject matter experts have authored a comprehensive, modern text, 'CISO Desk Reference Guide: A practical guide for CISOs', which covers risk management, compliance, audit, IT security disciplines, cybersecurity extending to IoT (internet of things) devices, cyber insurance, staffing, board concerns, and everything in between.

(Disclaimer: Steve Morgan is founder and CEO of Cybersecurity Ventures.)

Hayslip brings direct CISO experience to the book. He is deputy director and CISO for the City of San Diego, Calif., which has more than 1.37 million residents and is the eighth largest city in the United States and the second largest in its home state. He advises the City of San Diego's executive leadership, consisting of the Mayor's office, the City Council, and more than 40 city departments and agencies, on protecting city government information resources. Hayslip oversees the citywide cybersecurity strategy and the enterprise cybersecurity program, cyber operations, compliance and risk assessment services.

The CISO Desk Reference Guide is suitable material for security chiefs at Fortune 500, Global 2000, and mid-sized corporations, as well as security leaders at U.S. federal agencies, state and local governments, universities, and non-profits. CIOs and senior IT staff at small to mid-sized firms, with or without a CISO, will also benefit from the soup-to-nuts security guidance found in the book.

The rubber hits the road in chapter 2, which covers regulatory, compliance and audit: a particularly gnarly topic that leaves many new CISOs wondering where to begin. The authors explain what regulatory requirements are, how to engage with auditors, and how to make audits effective. The chapter also addresses legislation, which is reshaping cybersecurity obligations in ways that are not immediately obvious to most CISOs.

A severe cybersecurity workforce shortage has left CISOs and corporate IT security teams shorthanded and scrambling for talent while cyber attacks intensify, according to the recent Cybersecurity Ventures report. Corporations are responding by placing some or all of their IT security in the hands of third parties. The IT security outsourcing segment recorded the fastest growth (25 percent) of the entire cybersecurity market last year, according to Gartner. Outsourcing security introduces a whole new risk for enterprises: choosing the right third party, one that has the cyber defenders, cyber operations, and security platforms to effectively combat an increasingly hostile threat landscape. The CISO Desk Reference Guide devotes an entire chapter to third-party risk, including eight risk factors to assess with vendors:

Operational Risk
Privacy Risk
Reputation Risk
Security Risk
Regulatory Risk
Revenue Risk
Financial Risk
Service Risk

A careful read through these eight points in the CISO Desk Reference Guide should make outsourcing any aspect of security a better-informed and much less risky proposition for CISOs who are leaning in that direction.

The book is worth its weight in gold for Hayslip's overview of Cybersecurity Tools and Techniques. He shares that if there's one thing he has learned as a CISO, it's that to be effective you must work to build trust with the organization's stakeholders and make the case that cybersecurity is a value proposition, a service that all business channels should leverage to be competitive. Then he dives into what readers have been waiting for: an experienced CISO's recommendations on security policy, incident response, data backup, security awareness training for employees, patch management, anti-virus and malware protection software, vulnerability scanning, desktop encryption, wireless network security testing, email security, and more.

There are still 10 days left until the end of summer 2016, so it's not too late to make the CISO Desk Reference Guide your summer read.